I'm building some custom request handlers (inspired by the RestfulServer module). The default response-formatter intentionally is set to JSON, that's why the JSONDataFormatter's function "convertDataObjectToJSONObject()" is fired. Now, when the service returns an object with a varchar property from the database, that contains an ampersand '&' within the value string, the convertDataObjectToJSONObject() function converts this to a &.
I've debugged and analized the code and just until the line 59 of JSONDataFormatter (Silverstripe Version 3.1) where it says:
55 foreach($this->getFieldsForObj($obj) as $fieldName => $fieldType) {
56 // Field filtering
57 if($fields && !in_array($fieldName, $fields)) continue;
58
59 $fieldValue = $obj->obj($fieldName)->forTemplate();
60 $serobj->$fieldName = $fieldValue;
61 }
The forTemplate() function finally utilizes the Convert::raw2xml() function to convert the database-value of the Varchar field to an XML string. This is where the & is converted to an &
I think this behaviour is wrong, because JSON mus only contain unicode characters: When reading the definition of json on json.org I assume that a string must not be converted using htmlentities() or urlencode but must contain only unicode-characters. That's why I think the function's implementation is wrong - there shouln'd be a conversion to XML using HTML-entities. Either the Unicode-Values returnedby the database should be passed or a conversion to utf8 should be done
What do you think?